Defining Multi-Link routes

When you use Multi-Link routing, traffic is routed through different network connections according to traffic conditions, the availability of the different connections, and the preferences that you configure.

NetLinks represent network connections. Multi-Link uses multiple NetLinks to balance the load of outbound traffic and ensure High Availability of Internet connectivity. With each new outbound connection, the NGFW Engine selects the fastest route for the connection from the available NetLinks. You can define Multi-Link routes for NGFW Engines and Virtual NGFW Engines and for both IPv4 and IPv6 traffic.

A Router or a NetLink element represents a next-hop gateway that forwards packets to networks that are not directly connected to the NGFW Engine. Tunnel interfaces for route-based VPNs do not use Router or NetLink elements. Instead, networks that are reachable through the VPN tunnel are added directly to the tunnel interface as if they were directly connected networks.

Figure: NetLinks in the Routing tree view



In this figure, a Multi-Link configuration is used to define a default route to the Internet (to the Any network element) through the ISP A and ISP B NetLinks. We recommend using separate network interfaces for each NetLink. It is possible to configure multiple NetLinks for a single network interface, but this introduces a single point of failure.

For each NetLink, a range of IP addresses is defined for applying NAT to the source IP address of an outbound connection that goes through the NetLink. A NAT rule in the Firewall Policy defines the Outbound Multi-Link element that is used for Multi-Link outbound connections.

To monitor the status of the links, define the probe IP addresses in the NetLink properties. The NGFW Engine sends ICMP messages to make sure that a link is still available. Only NetLinks that are used in an Outbound Multi-Link element are probed. Status monitoring is not available for NetLinks that are only used in Routing.

Multi-Link route configuration overview

  1. Create a NetLink for each alternative route.
  2. Add Networks under the NetLinks in the Routing tree to define a route.
  3. (Optional) Configure route metrics or ECMP.